An IAM user can enable an MFA device for their own user when their IAM policy grants the required permissions (such as iam:CreateVirtualMFADevice and iam:EnableMFADevice). The root user can enable MFA for the root user credentials, but it is not the only principal that can enable MFA. IAM roles cannot have MFA devices attached, and MFA can be configured through both the AWS Management Console and the AWS CLI.